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Substitute Specification (marked-up version) 



5 ADDRESS ENCRYPTION METHOD FOR FLASH MEMORIES 

Background of the Invention 

The present invention relates to a data processing device, in particular an electronic memory 
component, comprising a plurality of access-secured sub-areas, in particular a plurality of access- 
secured memory areas, each having at least one assigned parameter (a n , a n _i,..., a\, ao), in particular 
10 address. 

The present invention further relates to a method of encrypting at least one parameter (a n , 
a n -i,..., ai, ao), in particular the address, of at least one access-secured sub-area, in particular at least 
one access-secured memory area, of at least one data processing device, in particular at least one 
electronic memory component. 

In known methods of encrypting confidential data, such as for instanc e p ersonal data, key 
15 data or otherwise sensitive data, a non-volatile memory unit can only be encrypted as a complete 
compact p hysical ov e rall m emory in a generally mor e or - l ess-fixed manner; this means , in oth e r 
words, that access can only conv e ntionally b e denied to memories in their entirety. 

This method, known from the prior art, of encrypting entire integrated circuit (IC) 
Int e grat e d] C[ircuit] areas is considered disadvantageous in view of the high cost associat e d 
th e r e with together with its technical complexity and lack of flexibility. For this reason, it is 

20 

desirable att e mpts ar e constantly b e ing mad e to develop alternative methods of encrypting access- 
secured memory areas or ethef-sub-areas. 

If, for instance, to control a memory of the size M = 2 1 = 2 n+1 with i = n+1 address buseSi 
when pr e cisely these address buses are encrypted over the entire address space, modification of one 
address bus would have the possible effect of modifying a plurality of address buses, indeed even 
those address buses which ensure that a physically remote memory cell is addressed. 

25 

This is not sensible for a number of a memory types, including in particular memories that 
which are organized into areas, such as erasable programmable read only memory (EPROM), 
electrically erasable programmable read only memory (EEPROM) Elrasabl e ] Programmabl e ] 
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R[ e ad] 0[nly] M[ e mory], E[l e ctrioally] Erasabl e ] P[rogrammabl e ] R[ e ad] Q[nly] M[ e mory] or 
Flash memory. Separation of the address buses into a number of areas and subsequent independent 
encryption of each of the individual areas is inadequate, however, with regard to security. 

Taking as basis the above-described disadvantages and shortcomings and acknowledging 
the outlined prior art, it is an object of the present invention se-to develop a data processing device, 
in particular an electronic memory component, of the above- mentioned type^ together with an 
encryption method related thereto, that on th e on e hand the security of the_sueh-device[[s]] is 
increased considerably and on th e oth e r hand t he expense associated therewith and the technical 
complexity are not too great. 

Brief Description of the Drawings 

FIG. 1 shows an address encryption block according to aspects of the invention. 

FIG. 2 shows a block diagram of a memory according to aspects of the invention; and 

FIG. 3 shows a block diagram of a smart card according to aspects of the invention. 

This obj e ct is achi e v e d with a'data proc e ssing devic e , in particular an e l e ctronic m e mory 
component of non volatil e natur e , having th e f e atur es indicated in claim l'and by an encryption 
m e thod r e lat e d th e r e to having th e f e atur e s indicat e d in claim 6. 

Advantag e ous e mbodim e nts and e xp e di e nt furth e r e mbodim e nts of th e pr e s e nt inv e ntion 
ar e id e ntifi e d in th e r e sp e ctiv e d e p e nd e nt claims. 

Detailed Description 

According to th e t e aching of tj he present inventio n, th e r e for e , provides a completely novel 
approach to area-wise encryption of memory contents is provid e d , i.e^ a new method is disclosed 
for encrypting access-secured memory sectors of non-volatile nature and/or other sub-sectors. 

To this end, the present invention allows parts of the (address) parameters of the memory 
areas to be encrypted in different ways with regard to the object and/or with regard to the customer 
and/or with regard to the "die". This mean s, in oth e r words, that some sub-areas or sectors of the 
address do not affect all the addresses, unlike in the prior art. 
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According to the invention, therefore, encryption of one access-secured sub- area, in 
particular an access-secured memory area, is performed while taking account of the other 
respectively available sub-areas, in particular memory areas. This makes it possible to encrypt each 
* sub-area with in each case different parameters. 

In an According to a pr e f e rr e d embodiment of the present inventio n shown in FIG. 1 , an 
encription block 5 receives an unencrypted address 10 of the form a n , a n .i,..., a\, ao may take the 
following appearance, in accordance with the above-described encryption method: fi(a„), 
f2(fi(a n )+a n -i), f3(f2(fi(an)+a n .i)+a n .2),..,f„+i(f„(f„-i(...))), i.e. an unencrypted address of the form a n , 
a„-i,..., ai, ao may be mapped by onto i = n+1 (scramble) functions f into an encripted address 20 of 
10 the form a' s , a'^ a'u a'n . 

In this context, it is obvious that although variation of the parameter a n , in particular of the 
address parameter, may influence all the other address buses, variation of the parameter a n _i does 
not have any influence on the most significant function fi(a n ). 

It is expedient for fj(a) to be any desired one-to-one function, i.e. there are precisely 2 1 
plain/cipher pairs, wherein an unencrypted address a n , a n -i„..., ai, ao is always transformed into a 

15 

unique encrypted address a' n , a'„.i,— > a'i, a\>. On the other hand, the function fj itself does not have 
to be bijective, i.e^ it does not have to be reversible. 

In an advantageous further embodiment of the present invention, not all stages have to be 
fully performed, i.e.i some functions fj may directly reproduce the relevant address bit: a' = a. 
Alternatively or in addition thereto, the address buses may also be grouped; this may appropriately 
2Q mean, inter alia, that the inputs to the functions fj and the return values from the functions fj may be 
several bits wide. 

In an advantageous embodiment of the present invention, as shown in FIG. 2 

[[-]] for EPROM memories or for EEPROM memories division into two sub-areas 
50a, 50b with functions fi(a n ,..., a x ) and f2(fi(a x .i,..., ao)) is useful and 

[[-]] for flash memories division into three sub-areas 50a, 50b, 50n with functions 
25 fi(a n ,..., a x ), f 2 (fi(a x .i,..., a y )) and f 3 (f 2 (fi(a y .i,..., ao))) is useful. 
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According to a particularly inventive further embodiment, access-secured memory areas 
may be separately secured, i.e. boundary conditions which require a physical memory are fully 
utilized by the new method (the wide variety of encryptions is here limited only insignificantly). 

As shown in FIG. 3, tT -he present invention further relates to a microcontroller, in particular 
a smart card controller 73, comprising at least one data processing device 75 of the above-described 
type. Accordingly, the above-described method may preferably be built into all smart card designs, 
for example. 

The present invention finally relates to the use of at least one data processing device, in 
particular at least one electronic memory componen t 77, of the above-described type in at least one 
chip unit, in particular in at least one smart card controller, in at least one reader IC Int e grat e d! 
C[ircuit] or in at least one crypto chipset, for examplei in the field of audio and/or video encryption. 

As already discussed above, there are various possible ways of advantageously embodying 
and developing the teaching of the present invention. Reference is made, in this regard, to the 
claims subordinate to claims 1 and 6, and the invention will be further described with reference to 
examples of embodiments shown in the drawings to which, however, the invention is not restricted. 
In the Figures: 

Fig. 1 is a schematic block diagram of an example of embodiment of the encryption method 
according to the present invention applied to a data processing device according to the present 
invention. 

The encryption method according to the present invention for application in an electronic 
memory component is based on the idea of encrypting unencrypted addresses a n , a n -i,..., a\, ao of an 
access-secured memory area only in certain areas, i.e. in dependence on one or more further 
memory areas, such that encrypted addresses a' n , a' n .i,..., a'i, a'o are formed. 

To this end, i = n+1 one-to-one (--> 2-2 n+1 plain/cipher-pairs) scramble functions fi, {2,..., 
f n , f n +i are provided, such that, after mapping, the unencrypted addresses of the form a n , a n -i,..., ai, a© 
have the following appearance when encrypted by the functions fj (c.f. Fig. 1): 

fi(a n ), f 2 (f,(a n )+a n .,), f 3 (f2(fi(a n )+a n .,) +^-2) f„ + i(f„(f„-i(...))) 
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This makes it possible to encrypt each sub-area with in each case different parameters. 

In this context, it is obvious that although variation of the addresses a n , a n -i,..., ai, ao may 
influence all the other address buses, variation of the parameter a n -i, does not have any influence on 
5 the most significant function fi (a n ). 

As an alternative to that illustrated in Fig. 1, not all i = n+1 stages have to be fully 
performed, i. e. some functions f; may also directly reproduce the relevant address bit: a' =a. 

Furthermore, the address buses may also be grouped; this may mean, inter alia, that the 
inputs to the functions fj and the return values from the functions fj may be several bits wide. 
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LIST OF REFERENCE NUMERALS 

5 



10 
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ao 


first unencrypted address 


ai 


second unencrypted address 


a"' 1 


th 

n unencrypted address 


a n 


n+l th unencrypted address 


a'o 


first encrypted address 


a'i 


second encrypted address 


a'n-i 


n th encrypted address 


a' n 


n+l th encrypted address 


fl 


first function, in particular first scramble function 


f 2 


second function, in particular second scramble function 


fn 


n th function, in particular n* scramble function 


fn+1 


n+l* function, in particular n+l th scramble function 
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